I need some help with a site that has been hacked. I am not sure where I should look to get information about the hacker and how they managed to access the site. They were able to change my PayPal info and redirect it to another account. I have gone into the site and turned off PayPal but it is still active and I need to resolve this ASAP. This is the server info. I followed the setup for this system and all the updates for the server are up to date. The site is now in maintenance mode but I really need to fix this. Ubuntu Linux 16.04.3 ISPConfig Version: 3.1dev Thanks for any help, kwick
First, you didn't mention what your website address is, the CMS you use, etc. If your website is using, for example, WordPress, you can install a plugin like WordFence and then scan the site for malicious code. Maybe they were able to brute force your password. Check your website's administrative accounts and make sure you use strong passwords for your accounts. Generally, a password utilizing at least 10 characters including alphanumeric and grammatical symbols is sufficient. Never use passwords based upon dictionary words or significant dates.
You should not run the ISPConfig development version on a production server. Maybe do that if you are a developer yourself. My advice is to take the services or the whole server offline. Then change all passwords to 12-character-long random strings. Wordfence for WordPress is a good idea. RS Firewall for Joomla sites similarly. There is ISPProtect, which scans your server for malware; that or similar stuff may be helpful. Then turn the server back on. I know nothing about PayPal. There are threads on this forum on how to recover from a hacked website. Use Internet search engines with Code: site:howtoforge.com hacked server
Thank you both for the reply. All the passwords have been changed to 15 characters, symbols and numeric. The site in question is a Magento 1.9 and it's a CMS site, and I have a site with the latest version but it will not be ready for scorned month. Thanks once again, kwick